Logpoint UEBA product provides a powerful analytics tool for cybersecurity departments to detect unusual network events and suspicious user activity. The solution gives capabilities to reduce the number of false incidents, detect the main reasons for deviations in system operation and fast problem respond to a problem.
Functional
- Monitors both suspicious user behavior as well as other entities such as cloud, mobile or on-premise applications, endpoints, networks, and external threats.
- Builds baselines for every entity in the network and actions are then evaluated against these baselines.
- Identify anomalies by using algorithm-driven analytics to detect beaconing, lateral movement, or weaponization.
- Outputs from the UEBA module can be correlated with SIEM events, making the original events more insightful than ever.
- Discover suspicious user behavior by statically or dynamically enriching the original log data using the information from machine learning.